Keyboard monitoring and window-text interception are two common attacks for stealing passwords.
To prevent the keyboard from being monitored, a virtual keyboard is used for entering characters. A virtual keyboard is a program that simulates the operation of a keyboard in software and inputs characters by mouse clicks. A Trojan can record a password entered on a physical keyboard, whereas a password entered through a virtual keyboard can be kept from being recorded by the Trojan. However, when a user enters a character with the virtual keyboard, the mouse click lands on the virtual keyboard, so the input control loses focus and cannot receive the entered character. The position of the focus must therefore be fixed when the virtual keyboard is used, which makes the virtual keyboard inconvenient to use. The virtual keyboard of the Windows XP system, which prevents the control from losing focus, cannot stop a Trojan, because it uses keyboard codes that are consistent with the keys of a physical keyboard.
To make it harder for unauthorized users to intercept window text, an owner-draw control, which uses a non-input control without input focus as its base class for display and output, works together with the virtual keyboard to perform the human-computer interaction. Because the output control has no input focus, a method is needed to determine which output control corresponds to the current entry when multiple outputs are performed at the same time (for example, on the interface for modifying a PIN code). In most cases the output position is determined by where the mouse clicks. But when the virtual keyboard is used, the mouse click is always on the virtual keyboard whenever the output position needs to be determined, so this general method cannot be used in this case.